Barbican MKEK Model
Registered by
Tim Kelsey
This effort will enhance the scalability of Barbican by removing possible
limitations on the number of tenant keys that can be stored in an attached HSM.
We propose adding a new plugin that implements a Master Key Encryption (MKEK)
based model for utilising an attached HSM appliance. Under this model, locally
stored Data Encryption Keys (DEKs) are protected by per-tenant Key Encryption
Keys (KEKs) that are themselves protected by the use of a Master Key Encryption
Key (MKEK). Please see the spec for more details.
Blueprint information
- Status:
- Not started
- Approver:
- None
- Priority:
- Undefined
- Drafter:
- Tim Kelsey
- Direction:
- Needs approval
- Assignee:
- Tim Kelsey
- Definition:
- New
- Series goal:
- None
- Implementation:
-
Unknown
- Milestone target:
- None
- Started by
- Completed by
Related branches
Related bugs
Sprints
Whiteboard
(?)
